Privacy Policy

Clickweave is operated by Clickweave OÜ, Estonia. Privacy and account questions can be sent to privacy@clickweave.co.

Clickweave is built to provide meaningful Lighthouse audit data while keeping data collection focused and transparent. This policy explains what the hosted Clickweave service collects, how it is used, and how we handle audit and account data.

What we collect

When you use Clickweave, we process information needed to provide the service:

• Account data. Email address, name, organisation name, and authentication records from Clerk.
• URLs you submit. The URLs, pages, and paths you configure for auditing, monitoring, or one-off Lighthouse checks.
• Lighthouse reports. Full Lighthouse JSON output — performance, accessibility, SEO, best-practice, and PWA scores, plus opportunities, diagnostics, and audit details.
• Aggregated metrics. Score history, trends, and derived metrics stored in Tinybird for dashboard queries.
• Audit configuration. Monitor schedules, team settings, dashboard share links, and integration tokens.
• Billing data. Subscription plan, invoice history, and payment records handled through Polar.
• Support communications. Emails, messages, or feedback you send to us.

What we don't collect

Clickweave is designed around data minimisation. We do not collect or use:

• Cookies for analytics or tracking purposes — authentication cookies from Clerk are the only cookies used
• Session recordings of pages being audited
• Any data from pages beyond what Lighthouse itself captures during an audit run
• Persistent visitor identifiers or cross-session profiles of page visitors
• Raw IP addresses stored in the application database
• Browser fingerprinting or any client-side tracking outside the audit process

How we use information

We use information to:

• Run Lighthouse audits on the URLs you configure
• Provide dashboards, reports, score history, shared links, and alerts
• Filter abusive, spam, or unauthorised audit requests
• Secure, maintain, debug, and improve the service
• Manage accounts, subscriptions, support, and legal obligations

Data storage and infrastructure

Clickweave uses the following infrastructure providers to store and process data:

• Supabase (Postgres, eu-west-2) — account metadata, site config, snapshot metadata, team data
• Cloudflare (R2, Workers, D1) — raw Lighthouse JSON storage, edge request processing, queue/consumer infrastructure
• Tinybird (gcp-europe-west2) — aggregated metric queries and dashboard data
• Clerk — authentication and identity management
• Polar — subscription checkout, billing, and payment processing

Sharing and disclosure

We do not sell audit data or personal information. Audit data is visible to the account owner, authorised team members, and anyone the account owner gives access to through shared dashboard links or integrations.

We use the service providers listed above (also referred to as sub-processors) to operate Clickweave. They are listed in our Data Processing Addendum. We may also disclose information if required by law or to protect the service, customers, or others.

Data retention

Lighthouse audit history is retained for as long as the customer keeps the relevant site or account active, unless deleted earlier by the customer, required by law, or otherwise agreed. Account, billing, subscription, and operational records may be kept for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements.

Deleting a site or account permanently removes associated audit data within a reasonable period. Backup copies may persist temporarily but are not accessible through the service.

Your rights

If you are a Clickweave account holder, you can contact us at privacy@clickweave.co about access, correction, deletion, or other privacy requests related to your account.

If you are a visitor to a site that someone audits using Clickweave, the site owner is responsible for their use of Clickweave and their privacy notice. Contact the site owner first with any questions.

Data processing addendum (organisations)

If you need a processor agreement (GDPR-style DPA) for the hosted Clickweave service, see the Data Processing Addendum. It is part of our Terms of Service; using the hosted service accepts the current DPA, and you can download a PDF copy from that page for your files.

Changes

We may update this policy from time to time. The most recent revision date will be noted at the top of this page.

Contact

Questions about this Privacy Policy: privacy@clickweave.co.

Security disclosures: security@clickweave.co.